Creating native users for testing Innovation Release
- Hybrid Manager dual release strategy
- Documentation for the current Long-term support release
For testing or demo environments, you can simplify operations by adding native users. For production deployments, we strongly recommend configuring an external IdP
Native user credentials are stored in the hm-portal-bootstrap Kubernetes secret. To add a new user, you append their credentials to this secret.
Adding a native user
Generate a unique user ID and bcrypt-hashed password for the new user, assuming the password is stored in the
${password}variable:NEW_USER_ID=$(uuidgen | tr '[:upper:]' '[:lower:]') NEW_HASH=$(echo -n "${password}" | htpasswd -BinC 10 admin | cut -d: -f2) echo "User ID: $NEW_USER_ID" echo "Password hash: $NEW_HASH"
Retrieve the current secret content:
kubectl get secret hm-portal-bootstrap -n default -o jsonpath='{.data.static-passwords\.yaml}' | base64 -d > static-passwords.yaml
Edit the
static-passwords.yamlfile and append the new user to thestaticPasswordslist:staticPasswords: - email: "owner@mycompany.com" hash: "$2y$10$FWXeALAmT/axI/FIos/NtOVEldynfCx/bqDOAJ9EbiKeq5NuDR.XO" username: "Owner MyCompany" userID: "c234d951-dee1-4e3d-9f1d-108dabe339ce" - email: "newuser@example.com" hash: "$2y$10$FIvL7GWymJtGZo5uTMrWsOTuifUmwJQg8JtHJQxuLkT3os2Ozpo1C" username: "New User" userID: "60138e10-9552-4922-afe7-044c2250a23d"
Update the secret with the modified content:
kubectl patch secret hm-portal-bootstrap -n default \ --type merge \ -p "{\"data\":{\"static-passwords.yaml\":\"$(base64 < static-passwords.yaml | tr -d '\n')\"}}"
Kubernetes automatically replicates the secret to the
upm-dexnamespace, and the Dex deployment automatically restarts to apply the changes.Verify the Dex pods have restarted and are running:
kubectl get pods -n upm-dex -l app.kubernetes.io/name=dex
The new user can sign in to the HM console with their email and password.
Parameters
These settings are for the user in the portal.authentication.staticPasswords entry. Each user needs values for email, hash, username, and userID.
| Parameter | Description |
|---|---|
email | Email address of the user. Also serves as the user's login identifier for accessing the HM console. |
hash | Bcrypt-hashed user password for password store. To generate this value, use echo ${password} | htpasswd -BinC 10 userA | cut -d: -f2, where the actual password is stored behind the ${password} variable. userA represents the username used during the password hashing process. It can be any arbitrary text, as it's not used elsewhere in the configuration. Only the resulting hash is used. |
userID | Each new user configured with a static password must have a distinct, unique identifier for the user (uuid). You can choose to generate this value with a UUID generator tool or assign a random sequence of characters manually. |
username | Unique username for the user. This is the primary identifier for logging into the HM console. It can be the same as email. |
- On this page
- Adding a native user